#!/usr/bin/python3

# Exploit Title: Cacti v1.2.8 Unauthenticated Remote Code Execution
# Date: 03/02/2020
# Exploit Author: Askar (@mohammadaskar2)
# CVE: CVE-2020-8813
# Vendor Homepage: https://cacti.net/
# Version: v1.2.8
# Tested on: CentOS 7.3 / PHP 7.1.33

from lib.core.Request import request
from plugin.target_parse import get_standard_url


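def poc(url):
    """Report whether the target serves Cacti's realtime graph page.

    Sends one GET to ``/graph_realtime.php?action=init`` and looks for the
    marker string ``poller_realtime.php`` in a 200 response. This is the
    exposure indicator used for CVE-2020-8813 (see the file header).

    How to read the result:

    * ``True`` means the page was returned for this request. It does not
      confirm the Cacti version or that the host is vulnerable. Follow up by
      checking the installed version against the vendor advisory for
      CVE-2020-8813, and by reviewing whether guest access to realtime
      graphs is needed at all.
    * ``False`` means "not confirmed", not "safe". Timeouts, connection
      errors and any other failure of the request are also reported as
      ``False``.

    Args:
        url: Target address. It is passed through ``get_standard_url``
            first; presumably that yields a scheme+host base with no
            trailing slash -- TODO confirm against the helper.

    Returns:
        bool: ``True`` if the response status is 200 and the body contains
        ``poller_realtime.php``, otherwise ``False``.
    """
    url = get_standard_url(url)
    path = url + "/graph_realtime.php?action=init"
    try:
        # NOTE(review): assumes ``request`` sends no session cookie or
        # credentials, so a hit reflects unauthenticated access -- confirm
        # against lib.core.Request.
        req = request.get(path, timeout=5)
        return req.status_code == 200 and "poller_realtime.php" in req.text
    except Exception:
        # Best-effort probe: any request or response error counts as "no
        # finding". ``Exception`` (not a bare ``except``) lets Ctrl-C and
        # SystemExit still stop a long scan.
        return False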